From bcd2edb380ee52f14259be5fdc61a9adde5b6bb8 Mon Sep 17 00:00:00 2001
From: Georgios Andrianakis
Date: Mon, 4 Sep 2023 13:28:21 +0300
Subject: [PATCH 1/2] Fix potential NPE in HTTP proxying
Fixes: #35706
---
 .../java/io/quarkus/vertx/http/runtime/ForwardedParser.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ForwardedParser.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ForwardedParser.java
index 6fe05d63185aa..0bdee036fbf3b 100644
--- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ForwardedParser.java
+++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ForwardedParser.java
@@ -140,7 +140,7 @@ private void calculate() {
 matcher = FORWARDED_FOR_PATTERN.matcher(forwarded);
 if (matcher.find()) {
- remoteAddress = parseFor(matcher.group(1).trim(), remoteAddress.port());
+ remoteAddress = parseFor(matcher.group(1).trim(), remoteAddress != null ? remoteAddress.port() : port);
 }
 } else if (forwardingProxyOptions.allowXForwarded) {
 String protocolHeader = delegate.getHeader(X_FORWARDED_PROTO);
@@ -177,7 +177,7 @@ private void calculate() {
 String forHeader = delegate.getHeader(X_FORWARDED_FOR);
 if (forHeader != null) {
- remoteAddress = parseFor(getFirstElement(forHeader), remoteAddress.port());
+ remoteAddress = parseFor(getFirstElement(forHeader), remoteAddress != null ? remoteAddress.port() : port);
 }
 }
 }
From b7e4f0a43fe48292b06a67f45e7625ed9261a379 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Vav=C5=99=C3=ADk?=
Date: Mon, 11 Sep 2023 15:08:08 +0300
Subject: [PATCH 2/2] Add remote address NPE check
---
 .../quarkus/vertx/http/runtime/ForwardedProxyHandler.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
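Review bot: The fallback `port` in the new ternary on the `parseFor(...)` line is a field declared outside this hunk, and from its name it looks like the request's own port rather than the peer's source port, so when `remoteAddress` is null the rebuilt client address would carry a port that never belonged to the client; the second hunk (the `X-Forwarded-For` branch) repeats the same expression. If that is intended, say so next to it, e.g. `// no transport-level peer (remoteAddress is null): there is no client port to keep, fall back to the request port`, and, if `remoteAddress` and `port` are not reassigned in between, compute the value once into a local instead of repeating the ternary. In this state the `for=` / `X-Forwarded-For` value is also the only source of the client address, so it is worth confirming that nothing reaches this parser for such requests unless the trusted-proxy decision has already been made. `calculate()` starts and ends outside both hunks.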
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ForwardedProxyHandler.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ForwardedProxyHandler.java
index 6ba0cb9d1cc07..cde4f0d034fd8 100644
--- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ForwardedProxyHandler.java
+++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ForwardedProxyHandler.java
@@ -45,7 +45,11 @@ public ForwardedProxyHandler(TrustedProxyCheck.TrustedProxyCheckBuilder proxyChe
 @Override
 public void handle(HttpServerRequest event) {
- if (event.remoteAddress().isDomainSocket()) {
+ if (event.remoteAddress() == null) {
+ // client address may not be available with virtual http channel
+ LOGGER.debug("Client address is not available, 'Forwarded' and 'X-Forwarded' headers are going to be ignored");
+ handleForwardedServerRequest(event, denyAll());
+ } else if (event.remoteAddress().isDomainSocket()) {
 // we do not support domain socket proxy checks, ignore the headers
 LOGGER.debug("Domain socket are not supported, 'Forwarded' and 'X-Forwarded' headers are going to be ignored");
 handleForwardedServerRequest(event, denyAll());
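Review bot: `event.remoteAddress()` is now evaluated at least twice across the `if` / `else if` conditions, and the new null branch repeats the `handleForwardedServerRequest(event, denyAll());` call of the domain-socket branch; reading the address once into a local and keeping the two fail-closed cases next to each other would make it harder for a later edit to change one and not the other. The added comment says why the address can be missing but not why `denyAll()` is the right answer, so I would extend it: `// without a peer address the trusted-proxy check cannot be evaluated, so the forwarding headers must not be honoured`. `handle()` continues past the end of the hunk.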